Google now requires users of third-party email apps to enable OAuth2 or use an additional password to allow access to Gmail accounts.
Some Outlook and Thunderbird users had a nasty surprise when they tried to use their email client to access their Gmail accounts. They then received a message asking them to enter their Google password and, when they entered it again, had their password rejected by the system. Indeed, the publisher has decided to tighten the conditions of access to its accounts for applications that it considers “less secure”.
Thus, Google now makes it mandatory to use the OAuth2 protocol, or an application-specific password which is then used instead of the Gmail password. With the OAuth2 protocol, the app will go through an authorization server which will send it back a token. It is this token that will allow access to the resources of the main server. Thus, the authentication takes place at the level of the Google server, and no longer within the application.
It is therefore necessary to ensure that the OAuth2 protocol is well supported by the mail client and that it is activated, for example in Thunderbird:
However, Google offers another solution. If the feature is available, using an app-specific password allows you to have a different code for each app that accesses your account. This code is generated by going to your Google Account security settings and is used in conjunction with two-factor authentication (2FA), also known as double authentication. Indeed, the app does not always allow you to enter a validation code, received by SMS or by another process, hence the use of a second password to reinforce security. Remember that double authentication strengthens the security of the Google account by using two elements from three possible categories:
Google encourages its users to switch to this type of authentication by going to their account settings. The publisher has seen a 50% drop in hacking for accounts that have activated this process.
Source :
Neowin